diff --git a/rpmbuild/SOURCES/traefik-sni.patch b/rpmbuild/SOURCES/traefik-sni.patch
new file mode 100644
index 0000000..e02da2d
--- /dev/null
+++ b/rpmbuild/SOURCES/traefik-sni.patch
@@ -0,0 +1,69 @@
+diff --git a/integration/fixtures/tcp/mixed.toml b/integration/fixtures/tcp/mixed.toml
+index 38d852e7..0e02b45f 100644
+--- a/integration/fixtures/tcp/mixed.toml
++++ b/integration/fixtures/tcp/mixed.toml
+@@ -56,6 +56,13 @@
+ entryPoints = [ "tcp" ]
+ [tcp.routers.to-whoami-no-cert.tls]
+
++ [tcp.routers.to-whoami-wildcard]
++ rule = "HostSNI(`*.whoami-a.test`)"
++ service = "whoami-a"
++ entryPoints = [ "tcp" ]
++ [tcp.routers.to-whoami-wildcard.tls]
++ passthrough = true
++
+ [tcp.services.whoami-a.loadBalancer]
+ [[tcp.services.whoami-a.loadBalancer.servers]]
+ address = "localhost:8081"
+diff --git a/integration/tcp_test.go b/integration/tcp_test.go
+index 16b1c8e4..dc834abc 100644
+--- a/integration/tcp_test.go
++++ b/integration/tcp_test.go
+@@ -50,6 +50,11 @@ func (s *TCPSuite) TestMixed(c *check.C) {
+ c.Assert(err, checker.IsNil)
+ c.Assert(out, checker.Contains, "whoami-no-cert")
+
++ // Traefik passes through, termination of wildcard match handled by whoami-a
++ out, err = guessWho("127.0.0.1:8093", "wildcard.whoami-a.test", true)
++ c.Assert(err, checker.IsNil)
++ c.Assert(out, checker.Contains, "whoami-a")
++
+ tr1 := &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+diff --git a/pkg/tcp/router.go b/pkg/tcp/router.go
+index ea0f406e..c3ca22ce 100644
+--- a/pkg/tcp/router.go
++++ b/pkg/tcp/router.go
+@@ -69,7 +69,7 @@ func (r *Router) ServeTCP(conn WriteCloser) {
+ // FIXME Optimize and test the routing table before helloServerName
+ serverName = types.CanonicalDomain(serverName)
+ if r.routingTable != nil && serverName != "" {
+- if target, ok := r.routingTable[serverName]; ok {
++ if target, ok := r.GetTarget(serverName); ok {
+ target.ServeTCP(r.GetConn(conn, peeked))
+ return
+ }
+@@ -88,6 +88,21 @@ func (r *Router) ServeTCP(conn WriteCloser) {
+ }
+ }
+
++// GetTarget finds a matching target allowing for wildcard domains.
++func (r *Router) GetTarget(serverName string) (Handler, bool) {
++ if target, ok := r.routingTable[serverName]; ok {
++ return target, true
++ }
++
++ for targetName, target := range r.routingTable {
++ if strings.HasPrefix(targetName, "*.") && strings.HasSuffix(serverName, targetName[1:]) {
++ return target, true
++ }
++ }
++
++ return nil, false
++}
++
+ // AddRoute defines a handler for a given sniHost (* is the only valid option).
+ func (r *Router) AddRoute(sniHost string, target Handler) {
+ if r.routingTable == nil {
diff --git a/rpmbuild/SPECS/traefik.spec b/rpmbuild/SPECS/traefik.spec
index c7173c0..8f7cf04 100644
--- a/rpmbuild/SPECS/traefik.spec
+++ b/rpmbuild/SPECS/traefik.spec
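Review bot: In the `pkg/tcp/router.go` part of traefik-sni.patch, the wildcard loop in `GetTarget` accepts a server name at any subdomain depth, because `strings.HasSuffix(serverName, targetName[1:])` only compares the tail; `a.b.whoami-a.test` is routed by `*.whoami-a.test` just like `wildcard.whoami-a.test`. When two wildcard entries overlap, the handler returned depends on Go's unspecified map iteration order, so passthrough traffic could reach a different backend from one connection to the next. If a wildcard is meant to cover exactly one leftmost label, as in certificate matching (an assumption, the patch does not state the intent), a direct lookup of the parent wildcard key removes both problems and the per-connection scan of the table. The integration test only exercises a single-label name, so a case for a deeper name would pin whichever behaviour is wanted.

```go
func (r *Router) GetTarget(serverName string) (Handler, bool) {
	// … unchanged: exact-match lookup …

	// A wildcard covers exactly one non-empty leftmost label, so at most one
	// key can match and the result does not depend on map iteration order.
	if i := strings.Index(serverName, "."); i > 0 {
		if target, ok := r.routingTable["*"+serverName[i:]]; ok {
			return target, true
		}
	}

	return nil, false
}
```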
@@ -1,23 +1,32 @@ +%global goipath github.com/traefik/traefik/v2 +Version: 2.3.6 + +%gometa + +%global common_description %{expand: Traefik (pronounced traffic) is a modern +HTTP reverse proxy and load balancer that makes deploying microservices easy. +Traefik integrates with your existing infrastructure components (Docker, +Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) +and configures itself automatically and dynamically. Pointing Traefik at your +orchestrator should be the only onfiguration step you need.} + Name: traefik -Version: 2.3.4 -Release: itix2 +Release: itix1 Summary: The Cloud Native Application Proxy License: MIT -Source0: https://github.com/traefik/%{name}/releases/download/v%{version}/%{name}_v%{version}_linux_amd64.tar.gz ExclusiveArch: x86_64 +URL: %{gourl} +Source0: %{gosource} Source1: traefik.service Source2: traefik.yaml +Patch0: traefik-sni.patch Requires(pre): shadow-utils BuildRequires: systemd +BuildRequires: breezy +BuildRequires: golang >= 1.15 %description - -Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer -that makes deploying microservices easy. Traefik integrates with your existing -infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, -Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and -dynamically. Pointing Traefik at your orchestrator should be the only -onfiguration step you need. +%{common_description} # Since we don't recompile from source, disable the build_id checking %global _missing_build_ids_terminate_build 0 
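Review bot: The retained comment `# Since we don't recompile from source, disable the build_id checking` at the end of this hunk no longer describes the package, which now builds Traefik from `%{gosource}` with `Patch0` applied. If `_missing_build_ids_terminate_build 0` is still required for the Go binary, the comment should give the current reason, for example `# The Go build emits no GNU build-id, so disable the build_id checking`; that reason is inferred and should be confirmed against an actual build. If it is not required, dropping the override restores the build-id check for this package.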
@@ -25,17 +34,22 @@ onfiguration step you need. %global debug_package %{nil} %prep -%setup -q -c +%setup -c +%goprep +%patch0 -p1 cp %{S:1} %{name}.service cp %{S:2} %{name}.yaml %build +GO111MODULE=off go get github.com/containous/go-bindata/... +go generate +CGO_ENABLED=0 GO111MODULE=on go build -o %{gobuilddir}/traefik %{goipath}/cmd/traefik %install install -d %{buildroot}/opt/%{name}/etc/ install -d %{buildroot}/opt/%{name}/etc/conf.d install -d %{buildroot}/srv/%{name}/ -install -D traefik %{buildroot}/opt/%{name}/bin/traefik +install -D %{gobuilddir}/traefik %{buildroot}/opt/traefik/bin/traefik install -D -m 0644 %{name}.service %{buildroot}%{_unitdir}/%{name}.service install -D -m 0644 %{name}.yaml %{buildroot}/opt/%{name}/etc/%{name}.yaml touch %{buildroot}/opt/%{name}/etc/%{name}.env
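Review bot: The added `%build` step `GO111MODULE=off go get github.com/containous/go-bindata/...` fetches whatever the tool's default branch holds at build time, and with module mode off nothing on that line ties it to a version or checksum; `go generate` then presumably runs the fetched tool inside the package build. The RPM is therefore not reproducible, needs network access in `%build`, and an upstream change to that repository can alter the packaged binary without any change here. Pin the generator to a fixed release or commit and ship it as an additional `Source` (or a packaged `BuildRequires`), so that the build runs offline from verified inputs; the version to pin is not shown on the page, so use a placeholder such as `<PINNED_VERSION>` until it is chosen.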